CLAIMS

The following listing of claims replaces all prior versions. 



1. (Currently Amended) A method for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transfer protocol, the method comprising the computer-implemented steps of:
  selecting a subset of data for encryption from a set of data to be communicated between the client and the server in a particular payload of the unencrypted transfer protocol;
  determining a secret integer that is unique for the subset among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  based on the subset and the secret integer, generating encrypted data that is impractical for a device other than the client and the server to decrypt; and
  sending, from a sending device of the client and the server to a receiving device of the client and the server, in the particular payload, the encrypted data and clue information to determine, only at the client and the server, the secret integer for decrypting the encrypted data.

2. (Original) A method as recited in Claim 1, wherein the unencrypted transfer protocol is Hypertext Transfer Protocol (HTTP).

3. (Original) A method as recited in Claim 1, said step of determining a secret integer that is unique for the subset further comprising the steps of:
  generating a first integer using a random number generator;
  determining a shared secret key to be shared with the receiving device based on the first integer and a first public key associated with the receiving device; and
  selecting the secret integer based on the shared secret key.

4. (Original) A method as recited in Claim 3, said step of sending the information to determine the secret integer further comprising the steps of:
  determining a second public key associated with the sending device based on the first integer; and
  including the second public key in the information to determine the secret integer.

5. (Original) A method as recited in Claim 3, said step of sending the information to determine the secret integer further comprising the steps of:
  determining a plurality of second public keys associated with the sending device based on the first integer, wherein each of the second public keys is associated with one of a plurality of subsets from the set of data; and
  including the plurality of second public keys in the information to determine the secret integer.

6. (Original) A method as recited in Claim 3, said step of setting the secret integer further comprising the step of applying a particular hash function to the shared secret key to generate the secret integer.

7. (Original) A method as recited in Claim 3, said step of generating encrypted data further comprising the step of performing an exclusive or (XOR) operation between corresponding bits of the subset and the secret integer to generate the encrypted data.

8. (Original) A method as recited in Claim 1, wherein:
  said step of determining the secret integer further comprises the step of applying a particular hash function a plurality of times to a shared secret key shared with the receiving device; and
  said step of sending the information to determine the secret integer further comprises the step of storing, as part of the clue information, data that indicates a number of times the particular hash function has been applied.

9. (Original) A method as recited in Claim 8, said step of determining the secret integer further comprising the steps of:
  determining a first integer formed after the particular hash function is applied the number of times indicated in the information;
  determining a second integer formed after the particular hash function is applied fewer times than the number of times indicated in the information; and
  performing an exclusive or (XOR) operation between corresponding bits of the first integer and the second integer.

10. (Original) A method as recited in Claim 8, said step of determining the secret integer further comprising the steps of:
  determining a first integer formed after the particular hash function is applied the number of times indicated in the information;
  determining a second integer formed after a second hash function is applied for the number of times indicated in the information, wherein the second hash function is different from the particular hash function that is used to determine the first integer; and
  performing an exclusive or (XOR) operation between corresponding bits of the first integer and the second integer.

11. (Original) A method as recited in Claim 8, further comprising, before said step of determining the secret integer, performing the steps of:
  determining the shared secret key based on a particular communication between the client and the server; and
  storing the shared secret key in a secure data structure.

12. (Original) A method as recited in Claim 1, wherein the secret integer has a particular number of bits fixed for all subsets in all payloads communicated during a communication session between the client and the server.

13. (Original) A method as recited in Claim 1, wherein the secret integer has a number of bits that varies in accordance with lengths of payloads that are communicated during a communication session between the client and the server.

14. (Currently Amended) A method for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload associated with the transport protocol, the method comprising the computer-implemented steps of:
  receiving, at a receiving device of the client and the server from a sending device of the client and the server, in a particular payload of the unencrypted transfer protocol, encrypted data and clue information to determine, only at the client and the server, a secret integer unique for the encrypted data in the particular payload among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  determining the secret integer based, at least in part, on the clue information; and
  based on the secret integer, decrypting the encrypted data to generate a subset of data to be communicated between client and server, wherein the subset is encrypted when transferred from the sending device to the receiving device.

15. (Original) A method as recited in Claim 14, wherein the unencrypted transfer protocol is the Hypertext Transfer Protocol (HTTP).

16. (Original) A method as recited in Claim 14, said step of determining the secret integer further comprising the steps of:
  based on the clue information, determining a shared secret key shared with the sending device; and
  generating the secret integer based on the shared secret key.

17. (Original) A method as recited in Claim 16, said step of generating the secret integer further comprising the step of applying a particular hash function to the shared secret key to generate the secret integer.

18. (Original) A method as recited in Claim 14, wherein:
  the method further comprises the steps of
    determining a shared secret key based on a particular communication between the client and the server, and
    storing the shared secret key in a secure data structure; and
  the clue information indicates a number of times a particular hash function is applied to the shared secret key in generating the secret integer.

19. (Original) A method as recited in Claim 18, said step of determining the secret integer further comprising the step of causing the particular hash function to be applied the number of times indicated by the clue information to the shared secret key.

20. (Original) A method as recited in Claim 19, said step of determining the secret integer further comprising the steps of:
  determining a first integer formed after the particular hash function is applied the number of times indicated by the clue information;
  determining a second integer formed after the particular hash function is applied fewer times than the number of times indicated by the clue information; and
  performing an exclusive or (XOR) operation between corresponding bits of the first integer and the second integer.

21. (Original) A method as recited in Claim 19, said step of determining the secret integer further comprising the steps of:
  determining a first integer formed after the particular hash function is applied the number of times indicated in the information;
  determining a second integer formed after a second hash function is applied for the number of times indicated in the information, wherein the second hash function is different from the particular hash function that is used to determine the first integer; and
  performing an exclusive or (XOR) operation between corresponding bits of the first integer and the second integer.

22. (Original) A method as recited in Claim 14, said step of decrypting the encrypted data further comprising the step of performing an exclusive or (XOR) operation between corresponding bits of the encrypted data and the secret integer to generate the subset of data.

23. (Original) A method as recited in Claim 14, wherein the secret integer has a particular number of bits fixed for all subsets in all payloads communicated during a communication session between the client and the server.

24. (Currently Amended) A computer-readable medium carrying one or more sequences of instructions for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
  selecting a subset of data for encryption from a set of data to be communicated between the client and the server in a particular payload of the unencrypted transfer protocol;
  determining a secret integer that is unique for the subset among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  based on the subset and the secret integer, generating encrypted data that is practically unintelligible to a device other than the client and the server; and
  sending, from a sending device of the client and the server to a receiving device of the client and the server, in the particular payload, the encrypted data and information to determine, only at the client and the server, the secret integer for decrypting the encrypted data.

25. (Currently Amended) A computer-readable medium carrying one or more sequences of instructions for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
  receiving, at a receiving device of the client and the server from a sending device of the client and the server, in a particular payload of the unencrypted transfer protocol, encrypted data and information to determine, only at the client and the server, a secret integer unique for the encrypted data in the particular payload among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  determining the secret integer based, at least in part, on the information; and
  based on the secret integer, decrypting the encrypted data to generate a subset of data to be communicated between client and server, wherein the subset is encrypted when transferred from the sending device to the receiving device.

26. (Currently Amended) An apparatus for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, comprising:
  means for selecting a subset of data for encryption from a set of data to be communicated between the client and the server in a particular payload of the unencrypted transfer protocol;
  means for determining a secret integer that is unique for the subset among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  means for generating, based on the subset and the secret integer, encrypted data that is practically unintelligible to a device other than the client and the server; and
  means for sending to a receiving device of the client and the server, in the particular payload, the encrypted data and information to determine, only at the client and the server, the secret integer for decrypting the encrypted data.

27. (Currently Amended) An apparatus for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, comprising:
  means for receiving, at a receiving device of the client and the server from a sending device of the client and the server, in a particular payload of the unencrypted transfer protocol, encrypted data and information to determine, only at the client and the server, a secret integer unique for the encrypted data in the particular payload among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
  means for determining the secret integer based, at least in part, on the information; and
  means for decrypting the encrypted data, based on the secret integer, to generate a subset of data to be communicated between client and server, wherein the subset is encrypted when transferred from the sending device to the receiving device.

28. (Currently Amended) An apparatus for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, comprising:
  a network interface that is coupled to the data network for sending one or more packet flows thereto;
  a processor;
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
    selecting a subset of data for encryption from a set of data to be communicated between the client and the server in a particular payload of the unencrypted transfer protocol;
    determining a secret integer that is unique for the subset among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
    based on the subset and the secret integer, generating encrypted data that is practically unintelligible to a device other than the client and the server; and
    sending, to a receiving device of the client and the server, in the particular payload, the encrypted data and information to determine, only at the client and the server, the secret integer for decrypting the encrypted data.

29. (Currently Amended) An apparatus for securing data in communications between a client and server using an unencrypted transfer protocol that does not encrypt a payload defined by the transport protocol, comprising:
  a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
  a processor;
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
    receiving, from a sending device of the client and the server, in a particular payload of the unencrypted transfer protocol, encrypted data and information to determine, only at the client and the server, a secret integer unique for the encrypted data in the particular payload among a plurality of subsets in a plurality of payloads, wherein the secret integer associated with the particular payload is unique relative to secret integers associated with other payloads of the plurality of payloads;
    determining the secret integer based, at least in part, on the information; and
    based on the secret integer, decrypting the encrypted data to generate a subset of data to be communicated between client and server, wherein the subset is encrypted when transferred from the sending device to the receiving device.
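The hash-count scheme of Claims 8, 9, 19, 20 and 22, sketched as an added example that is not part of the claims listing or of any implementation by the applicant. SHA-256, the fewer-times offset of one, the 10,000 count cap and the `clue`/`data` field names are assumptions; `reuse_leak` shows why Claim 1 requires a secret integer unique to each payload.

```python
import hashlib

PAD_LEN = hashlib.sha256().digest_size  # fixed secret-integer size (Claim 12)
MAX_COUNT = 10_000  # assumed cap so a hostile clue cannot force unbounded hashing


def hash_n(key: bytes, n: int) -> bytes:
    """Apply the hash function n times to the shared secret key."""
    out = key
    for _ in range(n):
        out = hashlib.sha256(out).digest()
    return out


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def secret_integer(key: bytes, n: int) -> bytes:
    """Claims 9 and 20: XOR the n-times hash with a fewer-times hash (n - 1 here)."""
    if not 2 <= n <= MAX_COUNT:
        raise ValueError("hash count out of range")
    return xor_bytes(hash_n(key, n), hash_n(key, n - 1))


class Sender:
    """Advances the hash count so each payload gets its own secret integer."""

    def __init__(self, key: bytes):
        self._key, self._count = key, 1

    def protect(self, subset: bytes) -> dict:
        """Return the payload fields; only the count travels as clue information."""
        if len(subset) > PAD_LEN:
            raise ValueError("subset is longer than the secret integer")
        self._count += 1  # never reuse a count under the same key
        pad = secret_integer(self._key, self._count)
        return {"clue": self._count, "data": xor_bytes(subset, pad).hex()}


def recover(key: bytes, payload: dict) -> bytes:
    """Receiver side (Claims 19 and 22): rebuild the pad from the clue, then XOR."""
    pad = secret_integer(key, int(payload["clue"]))
    return xor_bytes(bytes.fromhex(payload["data"]), pad)


def reuse_leak(key: bytes, n: int, p1: bytes, p2: bytes) -> bytes:
    """What an observer learns if one count protects two subsets: p1 XOR p2."""
    pad = secret_integer(key, n)
    return xor_bytes(xor_bytes(p1, pad), xor_bytes(p2, pad))


if __name__ == "__main__":
    s = Sender(b"constructed-shared-secret-key")  # constructed sample key
    print([s.protect(f) for f in (b"4111111111111111", b"PIN=0042")])
```

Like any XOR pad, this provides confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so the receiver still needs a separate integrity check.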